Page History

...

Confusion over which instructions are executed and which are not can lead to serious programming errors and vulnerabilities, including denial of service, abnormal program termination, and data integrity violation. This problem is mitigated by the use of interactive development environments (IDEs) and editors that use fonts, colors, or other mechanisms to differentiate between comments and code. However, the problem can still manifest, for example, when reviewing source code printed on a black-and-white printer.

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
MSC04-C	Medium	Unlikely	Medium	P4	L3

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

mline-comment

sline-comment

sline-splicing

Partially checked

GCC

Include Page

	GCC_V
	GCC_V

Can detect violations of this rule when the -Wcomment flag is used

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

CC2.MSC04

Fully implemented

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

119 S, 302 S, 611 S

Partially implemented

Parasoft C/C++test

Include Page

c:

	Parasoft_V

c:

	Parasoft_V

MISRA2012

MISRA2004-

RULE-3_1{a,b,c}

2_3, COMMENT-11, COMMENT-12, COMMENT-13

Fully implemented

PRQA QA-C

Include Page

	PRQA QA-C_v
	PRQA QA-C_v

3108

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

mline-comment

sline-comment

sline-splicing

Partially checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard	VOID MSC04-CPP. Use comments consistently and in a readable fashion
MISRA C:2012	Rule 1.2 (advisory) Rule 3.1 (required) Directive 4.4 (advisory)

Bibliography

[Summit 2005]

Question 11.19

...

Space shortcuts

Page tree

Versions Compared

Old Version 78

New Version 79

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography